ISO standard paves way for biometric security

Oct 7, 2008

The continued growth in electronic payments in South Africa, together with more sophisticated criminal attacks, is driving new security measure for payments – and now a biometric standard has been agreed.

According to Visa the International Organisation for Standardisation's (ISO) recent publishing of a standard for the implementation and management of biometric identification technology pave the way for the adoption of this technology within the financial services industry in South Africa.The ISO 19794 standard describes a framework for using biometric data, such as fingerprint scans, voice recognition and retinal identifications, for authentication purposes. The new standard promotes the integrated management of biometric data thus opening the way for use in the financial industry and the integration of biometric data into the overall information security management programme.According to Nick Essame, head of innovative payments for sub-Saharan Africa at Visa, the availability of a global standard for biometrics allows for the introduction of entirely new authentication factors which could bring an entirely new degree of security to the payment industry in South Africa."Payment authentication has previously been reliant on a single factor, or at best two, in the form of a signature, card number, PIN or password," says Essame. "This latest ISO standard paves the way for the use of more sophisticated authentication factors."Biometrics introduce, by their very nature, a very personal and secure additional way of protecting financial transactions. Adding biometric factors to our ever evolving security framework may be a way to introduce a step change into the authentication of cardholders and their financial transactions.'The application of biometric security may also extend to passports, ID cards, personal computers, mobile phones and for ensuring verified entry into secure environments. "The next evolution of this technology in South Africa may be a combination of the recently launched chip card EMV technology and some form of biometric verification," says Essame. "Biometric technology may also lead to improved safety is at ATMs in the future. "US-based NCR has implemented biometric enabled ATMs in India and Canada that scan your retina as you approach the ATM so that users are authenticated by the time you start their transaction"According to Essame, various other countries have implemented fingerprint biometric capabilities at ATMs to fulfill a similar function."There will, however, always be a small number of false positives and false negatives generated by this type of technology, as no system is perfect. It is therefore important that multiple authentication factors are used to ensure an optimal level of security is maintained," he says.